KVM: arm64: Prevent NV feature flag on systems w/o nested virt

It would appear that userspace can select the NV feature flag regardless of whether the system actually supports the feature. Obviously a nested guest isn't getting far in this situation; let's reject the flag instead. Link: https://lore.kernel.org/r/20230920195036.1169791-6-oliver.upton@linux.dev Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
author: Oliver Upton <oliver.upton@linux.dev> 2023-09-20 19:50:33 +0000
committer: Oliver Upton <oliver.upton@linux.dev> 2023-09-21 18:13:29 +0000
commit: 12405b09926f0270f7033ed5293241180ea57343 (patch)
tree: 67b9dcdd94664c04e5c4289ce0ecd8d463ee52ea /arch
parent: baa28a53ddbe2d27377b9a4aeff5eb8b706c8d38 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index ab866a7370a3..a791809fb1a1 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -1208,6 +1208,9 @@ static unsigned long system_supported_vcpu_features(void)
 		clear_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, &features);
 	}
 
+	if (!cpus_have_final_cap(ARM64_HAS_NESTED_VIRT))
+		clear_bit(KVM_ARM_VCPU_HAS_EL2, &features);
+
 	return features;
 }
author	Oliver Upton <oliver.upton@linux.dev>	2023-09-20 19:50:33 +0000
committer	Oliver Upton <oliver.upton@linux.dev>	2023-09-21 18:13:29 +0000
commit	12405b09926f0270f7033ed5293241180ea57343 (patch)
tree	67b9dcdd94664c04e5c4289ce0ecd8d463ee52ea /arch
parent	baa28a53ddbe2d27377b9a4aeff5eb8b706c8d38 (diff)